
Finding the Needle in the NBEstack

I’m a huge fan of the Nessus vulnerability scanner. It’s got plug-ins for anything you could ask for, runs great in a Linux environment, and outputs a ton of information (thanks to thousands and thousands of checks). While all that information is a good thing, sometimes you are just looking for specific issues or findings across a network. A quick way I like to strip out interesting information is grepping through the output files for certain Nessus IDs. Here is a quick list of interesting plug-ins:

  • 16314 – Lists suspicious and unwanted software.
  • 36217 – Detection of the Conficker worm.
  • 23938 – Locates Cisco routers with missing / default passwords.
  • 38153 – A nice summary of missing Microsoft patches.
  • 11936 – Identification details about the machine’s OS.
  • 10673 – Locates SQL servers with default / blank SA accounts.
  • 10396 – Details about SMB shares.
  • 23910 – Locates modified HOSTS files – can be an indication of a virus or malware.

To search for these, I usually do a quick grep nessus-id *.nbe and then use cut with custom delimiters to filter out the IP addresses and other pertinent information.
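
The grep-and-cut approach above, next to a stricter field match, as an added example (not code from the original post). It assumes the usual pipe-delimited NBE layout of results|subnet|host|port|plugin_id|severity|description; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Assumed NBE result layout (pipe-delimited):
#   results|subnet|host|port|plugin_id|severity|description

# Quick version: grep for the ID, then cut out field 3 (the host).
# Matches the ID anywhere on the line, so a description that merely
# mentions the number is reported as well.
nbe_grep_naive() {
    id=$1; shift
    grep -h "$id" "$@" | cut -d'|' -f3
}

# Stricter version: only "results" lines whose plugin-ID field (5)
# equals the ID. Prints unique "host<TAB>port" pairs.
nbe_hosts() {
    id=$1; shift
    awk -F'|' -v id="$id" '
        $1 == "results" && $5 == id { print $3 "\t" $4 }
    ' "$@" | LC_ALL=C sort -u
}

# Constructed sample data, not real scan output.
nbe_sample() {
    cat <<'EOF'
timestamps|||scan_start|Mon Jan  5 10:00:00 2009|
results|10.0.0|10.0.0.5|microsoft-ds (445/tcp)|10396|Security Note|Share listing\n
results|10.0.0|10.0.0.7|mssql (1433/tcp)|10673|Security Hole|Blank sa password\n
results|10.0.0|10.0.0.9|general/tcp|11936|Security Note|Text mentions 10396 only\n
results|10.0.0|10.0.0.12|microsoft-ds (445/tcp)|10396|Security Note|Share listing\n
EOF
}

# Demo on the sample; against real files: nbe_hosts 10396 *.nbe
nbe_sample | nbe_hosts 10396
```

On the sample, the plain grep reports 10.0.0.9 for plug-in 10396 because the number appears in that line's description, while the field match does not.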
